PKGBUILDs/extra/p7zip/CVE-2017-17969.patch
2018-02-05 19:18:10 +00:00

26 lines
804 B
Diff

From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org>
Date: Sun, 28 Jan 2018 21:19:50 +0100
Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta
---
CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
index 80b7e67..4acdce5 100644
--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
{
_stack[i++] = _suffixes[cur];
cur = _parents[cur];
- }
+ if (i >= kNumItems)
+ break;
+ }
+
+ if (i >= kNumItems)
+ break;
_stack[i++] = (Byte)cur;
lastChar2 = (Byte)cur;